The ActiveDirectoryMembershipProvider.EnablePasswordReset property indicates whether you can use the ActiveDirectoryMembershipProvider.ResetPassword(string, string) method to reset a user's password. The ActiveDirectoryMembershipProvider.EnablePasswordReset property is set in your application's configuration file using the enablePasswordReset attribute of the membership element.

You can only set the ActiveDirectoryMembershipProvider.EnablePasswordReset property true when the following membership element settings have been made.

• requiresQuestionAndAnswer must be true.

• The Active Directory schema must be modified to contain attributes for storing the password question and answer, as well as the three tracking fields for password-answer change attempts.

• attributeMapPasswordQuestion, attributeMapPasswordAnswer, attributeMapFailedPasswordAnswerCount, attributeMapFailedPasswordAnswerTime, and attributeMapFailedPasswordAnswerLockoutTime must be mapped to attributes in the Active Directory schema.

If the above criteria are not met, a System.Configuration.Provider.ProviderException is thrown at initialization.

When the connection string in the application configuration file specifies an Active Directory domain rather than a specific server, the System.Web.Security.ActiveDirectoryMembershipProvider instance will always connect to the domain controller that has the PDC role for the domain to ensure that password changes take effect and are available when the ActiveDirectoryMembershipProvider.ValidateUser(string, string) method is called.

Namespace: System.Web.Security
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 2.0.0.0
Since: .NET 2.0